Else we get warnings on boot, that
net.bridge.bridge-nf-call-iptables is an unknown key
+- disable CONFIG_DEFAULT_SECURITY_SELINUX
+
+ Use same SELINUX config as debian kernels (CONFIG_DEFAULT_SECURITY_DAC=y)
+
# Note: enable now for testing
#- disable CONFIG_BRIDGE_IGMP_SNOOPING
#
--- rh-kernel-src/kernel-3.10.0-x86_64.config 2013-12-16 08:05:07.513206660 +0100
-+++ linux-2.6-3.10.0/.config 2013-12-17 10:53:21.232535799 +0100
++++ linux-2.6-3.10.0/.config 2013-12-17 12:51:02.505690103 +0100
@@ -1,7 +1,6 @@
-# x86_64
#
CONFIG_DLM=m
CONFIG_DLM_DEBUG=y
-@@ -5049,7 +5044,7 @@
+@@ -4956,9 +4951,8 @@
+ CONFIG_INTEL_TXT=y
+ CONFIG_LSM_MMAP_MIN_ADDR=65535
+ CONFIG_SECURITY_SELINUX=y
+-CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+-CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
+-CONFIG_SECURITY_SELINUX_DISABLE=y
++# CONFIG_SECURITY_SELINUX_BOOTPARAM is not set
++# CONFIG_SECURITY_SELINUX_DISABLE is not set
+ CONFIG_SECURITY_SELINUX_DEVELOP=y
+ CONFIG_SECURITY_SELINUX_AVC_STATS=y
+ CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+@@ -4975,9 +4969,9 @@
+ CONFIG_IMA_AUDIT=y
+ CONFIG_IMA_LSM_RULES=y
+ # CONFIG_IMA_APPRAISE is not set
+-CONFIG_DEFAULT_SECURITY_SELINUX=y
+-# CONFIG_DEFAULT_SECURITY_DAC is not set
+-CONFIG_DEFAULT_SECURITY="selinux"
++# CONFIG_DEFAULT_SECURITY_SELINUX is not set
++CONFIG_DEFAULT_SECURITY_DAC=y
++CONFIG_DEFAULT_SECURITY=""
+ CONFIG_XOR_BLOCKS=m
+ CONFIG_ASYNC_CORE=m
+ CONFIG_ASYNC_MEMCPY=m
+@@ -5049,7 +5043,7 @@
CONFIG_CRYPTO_CRC32C_INTEL=m
CONFIG_CRYPTO_CRC32=m
CONFIG_CRYPTO_CRC32_PCLMUL=m
CONFIG_CRYPTO_CRCT10DIF_PCLMUL=m
CONFIG_CRYPTO_GHASH=m
CONFIG_CRYPTO_MD4=m
-@@ -5161,7 +5156,7 @@
+@@ -5161,7 +5155,7 @@
CONFIG_PERCPU_RWSEM=y
CONFIG_CRC_CCITT=m
CONFIG_CRC16=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC32=y
# CONFIG_CRC32_SELFTEST is not set
-@@ -5208,6 +5203,7 @@
+@@ -5208,6 +5202,7 @@
CONFIG_DQL=y
CONFIG_NLATTR=y
CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y
projects / pve-kernel-3.10.0.git / commitdiff